dsi Billing Services

Govmail Online

Govmail Online is our web browser based hybrid mail solution that enables organisations to submit documents to our secure production centres for printing and mailing - achieving upto 60% reduction in costs. Supports e-doc channel shift, home worker document production, revenues and benefits printing, offsite document production and mail merge.

Features

• Document address and content checking
• Mail sortation
• Content based rules
• User and group level filters
• User and group level reporting
• Append fixed forms to documents
• Adjustable mail dates
• Automatic content based document indexing
• Protection against multiple letters in a pack

Benefits

• Reduced printing costs
• Reduced mailing costs
• Time saved managing print, enclose and mail
• Guards against mailing invalid addressed items
• Reports give full visibility of mail output per user
• End to end mail piece tracking using mailmark

£0.39 to £0.57 a unit

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at graeme.nye@dsigroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

342001858513910

Contact

Graeme Nye
07807 628701
graeme.nye@dsigroup.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Some Apple mobile devices do not support file upload to websites.
• System requirements:
  • Internet connection
  • Modern web browser
  • Documents in standard format

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 1 working day
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: No testing beyond ensuring it works with the standard tools provided by OS or browsers.
• Onsite support: Yes, at extra cost
• Support levels: Support Levels; Client/User Support; Our software solutions have an inbuilt help facility that enables users to report any issues, or request further assistance via email. ; ; Primary support is provided Monday to Friday between 8am and 5.30pm. ; Out-of-hours support (including weekends) can be arranged to suit particular client needs, at an additional cost. ; ; Our software is likely to be in use during core working hours, so out-of-hours support is not ordinarily required.; ; System Support; Where cloud services are being provided for use outside of core working hours, our support team provide 24x7 cover to maximise system availability/up-time. ; ; Support Costs; User email support - Included within our standard service charge.; System Support - Included within our standard service charge.; ; Technical Account Manager; A Technical Account Manager will be provided to manage client support requirements and to monitor system up-time and performance. Web-chat functionality can be implemented to expedite resolution to more intricate user issues.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We have guides for setup, administration and usage. We can provide a online meeting walk through and if requested can provide on site assistance.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: Either through the admin controls or by request to us.
• End-of-contract process: Prior to expiration of the contract period, we will initiate our end-of-contract process. This will be managed by the client Account Manager, and will be designed to ensure a risk-free cessation of services and transition to a new supplier (if appropriate). ; ; End-of-contract process will cover:; Communication - a mechanism for communicating to end users likely to be impacted. This can be delivered via the software directly to users.; ; Transition Planning - a service transition plan will be agreed and documented.; ; In accordance with Data Protection requirements we will ensure that:; ; Data - all data will be deleted.; Digital Assets - all digital assets will be deleted.; Login Credentials - all login credentials will be deleted.; Software - all active software and existing system communication mechanisms will be deactivated.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The full service depends on the mobile device being able to upload a document file. Without that mobile devices will be able to view and manage current jobs but not submit new ones.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: An admin service portal is there for setting up portal style, data retention policy and to manage users.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: None beyond testing with standard OS and browser tools
• API: Yes
• What users can and can't do using the API: The API can be used to get real time job status and usage reports, it does not support upload of new jobs.
• API documentation: Yes
• API documentation formats:
  • HTML
  • ODF
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users can customise the basic appearance, logos and colours. ; Customisation is done through admin page and take effect upon save.; Customisation options are given only to the admin.

Scaling

• Independence of resources: Our service has been built with excess server capacity and bandwidth for the number of users. If user numbers and demand increase we can double the capacity by rolling out another server. Due to the nature of the service the demand per user is predictable and limited. We monitor and log user numbers and demand over time.

Analytics

• Service usage metrics: Yes
• Metrics types: The service includes usage details per user and per group, items printed, postage type, items per day, costs and a breakdown of the above by department.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Other
• Other data at rest protection approach: Encryption of data to AES-256 standard.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Customer user data can be exported by the admin from the admin controls.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • Pipe seperated files
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • JSON
  • Pipe seperated files
  • Fixed width text

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Data is encrypted using AES-256 until it is required for print.

Availability and resilience

• Guaranteed availability: We will agree and document service levels specific to each client's requirements, to ensure that the service is aligned with their operational requirements.; ; Availability - Our service availability guarantee will be 99.5% ; ; We take great care in monitoring our internal and external server network 24/7/365 to make sure that the up time guarantee is observed and that the end-user services are being delivered as smoothly as possible.; ; As part of our guaranteed availability, we will work with each client to identify and document any rebate system, should this become applicable.
• Approach to resilience: We use dedicated servers for this service so there is no load balancing with other services. ; ; The dedicated server host provides:; Multiple UK Sites for Disaster Recovery; N+1 Data Centres; 4 Hours Fix contracts with every M&E supplier; 24 x 7 Fuel supplies for onsite generators; Scheduled and regular maintenance on all M&E components; Multiple Tier 1 Network Carriers; No single point of failure between Data Centre sites. If link fails traffic automatically re-routed.; Scalable architecture including multiple redundant core switches and routers; Dual independent power feeds, backed up by dual battery string Uninterrupted Power Supplies (UPS) systems
• Outage reporting: We have a regular check which will send email alerts to us in case of any state changes, along with using visual ping to monitor every web page in the service. If the outage affects users emails will go out to cover type and estimated time to resolution.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: Only specific users are given management access, checked on both login and ip. Additional keys are required for admin level settings.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Bsi
• ISO/IEC 27001 accreditation date: Re-certification on 06/04/2022
• What the ISO/IEC 27001 doesn’t cover: No out of scope activities
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 11/04/2022
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: Final in house data process and production which is outside the cloud service side.
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We meet ISO:27001 standards, all checks and tests are documented and results stored. We have in place automated processes to ensure data is cleared after it's retention date along with monthly manual housekeeping checks. After use data is encrypted and archived for the retention term.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All components of the service have been developed within a change control system. Every change is documented and revertible for review and testing. All changes are reviewed before deployment and tested for security if thought to raise any security risks.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Threats are assessed on potential risk to service and data security.; Standard security patches are tested and deployed weekly. Any vulnerability actively affecting service would be patched within 24hrs. ; We gather information by monitoring access, use and feedback to the service along with reports concerning components in use (os, db, web server, server side code components).
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We log and monitor all access to the service, highlighting unknown ip, invalid service use, or invalid api keys.; Proactive systems (fail2ban) maintain a firewall approach to catch early attacks. If security is found to be compromised we would respond immediately with the goal to remedy within 24hrs.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incidents are assessed on risk to service and user data security. users can report incidents through any of our methods of contact. All reported incidents are logged. Incidents cause and efforts to prevent going forwards will be documented in our change control system. Reports would be provided at request.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  We are an ISO14001 & ISO50001 accredited organisation and our Environmental & Sustainability Policy is available upon request.
• Covid-19 recovery:

  Covid-19 recovery

  Our business has delivered our contracted obligations within SLA throughout the pandemic and have robust policies and procedures in place to mitigate the risk of an outbreak within our workforce. We can supply documentary evidence if required.
• Tackling economic inequality:

  Tackling economic inequality

  We are an equal opportunities employer and we are currently working towards real living wage accreditation.
• Equal opportunity:

  Equal opportunity

  We have a fully documented Equal Opportunities procedure available upon request.
• Wellbeing:

  Wellbeing

  Within our H&S policy and manuals we have a dedicated section to the health and wellbeing of our employees. This forms part of all new employee induction process, we have nominated mental health ambassadors within each site and access to free and impartial counselling service. A copy of our Health, wellbeing and safety manual and policy is available upon request.

Pricing

• Price: £0.39 to £0.57 a unit
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Included installation, account setup, testing, document processing and return of PDF documents that would be printed and mailed if the service is made live. No documents are printed or mailed.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at graeme.nye@dsigroup.com. Tell them what format you need. It will help if you say what assistive technology you use.